Accdfisa

From Botnets.fr
Jump to: navigation, search

(Botnet) Link to the old Wiki page : [1] / Google search: [2]

Accdfisa
Alias Dacromf, Ransom.HV
Group Police lock
Parent
Sibling
Family
Relations Variants:

Sibling of:
Parent of:
Distribution of:
Campaigns:

Target Microsoft Windows Server
Origin
Distribution vector
UserAgent
CCProtocol
Activity /
Status
Language
Programming language
Operation/Working group

Introduction

The specificity of this Police lock ransomware is to target various versions of Microsoft Windows server. The machines are not infected through downloading a malware but following a targeted attack and intrusion into the system, sometimes using DUBrute and a dictionary attack. ACCDFISA is the acronym for a fictitions agency: "Anti Cyber Crime Department of Federal Internet Security Agency".

In April 2012, the quoting of certain American supermarket chains on the screencopies gathered and statements published on the Web suggest that an American public is targeted.

In March 2012, France and Spain have also been specifically targetted.

Features


Associated images

Checksums / AV databases

Publications

 AuthorEditorYear
MoVP 1.3 Desktops, heaps, and ransomwareMichael Hale LighVolatility labs2012
The ACCDFISA malware family – Ransomware targeting Windows serversFabian WosarEmsisoft2012
The ACCDFISA malware family – Ransomware targetting Windows serversEmsisoft Lab2012